CVE-2024-10977

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-10977
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10977.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10977
Aliases
Related
Published
2024-11-14T13:15:04Z
Modified
2024-12-05T15:36:13.808857Z
Summary
[none]
Details

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

References

Affected packages

Alpine:v3.17 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.14-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.3-r1
14.4-r0
14.4-r1
14.4-r2
14.5-r0
14.5-r1
14.5-r2
14.5-r3
14.6-r0
14.6-r1
14.7-r0
14.8-r0
14.9-r0
14.10-r0
14.11-r0
14.12-r0
14.13-r0

Alpine:v3.17 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.2-r0
15.3-r0
15.4-r0
15.5-r0
15.6-r0
15.7-r0
15.8-r0

Alpine:v3.18 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.14-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.3-r1
14.4-r0
14.4-r1
14.4-r2
14.5-r0
14.5-r1
14.5-r2
14.5-r3
14.6-r0
14.6-r1
14.7-r0
14.7-r1
14.7-r2
14.7-r3
14.7-r4
14.8-r0
14.9-r0
14.10-r0
14.11-r0
14.12-r0
14.13-r0

Alpine:v3.18 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.4-r0
15.5-r0
15.6-r0
15.7-r0
15.8-r0

Alpine:v3.19 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0
15.6-r0
15.7-r0
15.8-r0

Alpine:v3.19 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.3-r0
16.4-r0

Alpine:v3.20 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0
15.6-r0
15.6-r1
15.6-r2
15.7-r0
15.8-r0

Alpine:v3.20 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.4-r0

Alpine:v3.21 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.3-r1
16.4-r0
16.4-r1

Alpine:v3.21 / postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.1-r0

Affected versions

17.*

17.0-r0
17.0-r1

Debian:11 / postgresql-13

Package

Name
postgresql-13
Purl
pkg:deb/debian/postgresql-13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.17-0+deb11u1

Affected versions

13.*

13.3-1
13.4-0+deb11u1
13.4-1
13.4-2
13.4-3
13.5-0+deb11u1
13.7-0+deb11u1
13.8-0+deb11u1
13.9-0+deb11u1
13.10-0+deb11u1
13.11-0+deb11u1
13.12-0+deb11u1
13.13-0+deb11u1
13.14-0+deb11u1
13.15-0+deb11u1
13.16-0+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postgresql-15

Package

Name
postgresql-15
Purl
pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-0+deb12u1

Affected versions

15.*

15.3-0+deb12u1
15.3-1
15.4-0+deb12u1
15.4-1
15.4-2
15.4-3
15.5-0+deb12u1
15.6-0+deb12u1
15.7-0+deb12u1
15.8-0+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/debian/postgresql-16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

16~beta1-1
16~beta1-2
16~beta2-1
16~beta3-1
16~rc1-1
16~rc1-2

16.*

16.0-2
16.1-1
16.2-1
16.2-2
16.3-1
16.4-1
16.4-2
16.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postgresql-17

Package

Name
postgresql-17
Purl
pkg:deb/debian/postgresql-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.1-1

Affected versions

Other

17~~devel20240509-1
17~beta1-1
17~beta2-1
17~beta3-1
17~rc1-1

17.*

17.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}